Exim Vulnerabilities Enable Remote Code Execution

The Zero Day Initiative (ZDI) opened information about the incorrect (0-day) vulnerabilities (cve-2023-42115, cve-2023-42116, cve-2023-42117) in the postal server exim, allowing you to remotely execute their code with the rights of the process that accepts the connection on the 25th network port. Authentication for an attack is not required.

First vulnerability (CVE-2023-42115) is caused by an error in the SMTP service and is related to the absence of proper data checks received from the user in the process of the SMTP seance and used to calculate the size of the buffer. As a result, the attacker can achieve a controlled recording of his data in the memory area abroad.

The second vulnerability (CVE-2023-421116) is present in the NTLM-request processor and is caused by copying of the data received from the user to a fixed size buffer without the necessary checks of the amount of the recorded information.

The third vulnerability

/Reports, release notes, official announcements.